A default credential is a preconfigured username, password, or other login secret shipped with a device, service, or application. It matters because attackers routinely try known defaults because so many systems are deployed without changing them.
What is Default Credential?
Default credentials are common in appliances, IoT devices, software installers, and management interfaces. Leaving them in place turns easy public knowledge into direct unauthorized access risk.
What Default Credential Commonly Supports
Common uses include hardening checklists, exposure review, asset onboarding, and appliance security assessments.
Default Credential vs. Rotated Unique Credential
A default credential is shared or pre-known across deployments. A rotated unique credential is specific to the environment and not publicly predictable.
Frequently Asked Questions
Why are default credentials still a problem?
Because convenience, rushed deployment, and poor onboarding discipline leave them unchanged surprisingly often.
Are defaults only passwords?
No. They can include tokens, API keys, or other built-in authentication material too.
Related Cybersecurity Terms
